There is no catch other then I guess they are short lived certificates. So arguably its harder to administer. But short lived certificates are the future, its a better way to deal with rogue certificates, no need to blacklist a certificate if it just expires instead, the long term aim is for expiries much shorter than 3 months, some websites rotate certificates several times a week.

The certificate business has long been a bit of a nasty one, companies charging for automated processes just "because they can", a certificate self signed is not less secure than a trusted CA signed one, its just that its CA is not whitelisted in the main browsers so will come up as a untrusted site. SSL serves two purposes, to protect traffic from interception and to identify the owner as trusted of the website you visiting, but the bottom end certificates that have been sold for decades, dont really verify anything other than domain ownership.

e.g. my PFSense unit has a self signed 20 year certificate thats trusted in my browser, I simply added my own CA to the certificate store on my PC. I use that CA also for my ESXi server's as well so their web interfaces are also trusted in my browser.

The other issue been as well, the www needs to migrate to full https really, google are pushing it for it as well as other established entities, but people having to pay for certificates was holding things back. http/2 can make https faster than http for browsing, and TLS 1.3 will shorten load times even more. As usual webmaster's dont tend to care until they have to change for £££, so e.g. when google started derating non https on search results, suddenly takeup spiralled. It will be the same when they derate ipv4 only sites later in the year to push ipv6 adoption. Notice how TBB migrated their homepage to https, but not their forum, that was about SEO, if it was about enhancing privacy of data they would have done the forum as well.

LetsEncrypt has been setup to basically "correct" the market. Stop the charging for automated domain ownership checked certificates. Also to drag down TTL times as well, and to try and force through other modern standards.

The line stats link in my sig is encrypted using a letsencrypt cert and is on http/2.